Artificial Intelligence May 2, 2023

ChatGPT Confirms Data Breach, Raising Security Concerns

4 min read - When ChatGPT and similar chatbots first became widely available, the concern in the cybersecurity world was how AI technology could be used to launch cyberattacks. In fact, it didn’t take very long until threat actors figured out how to bypass…

Application Security April 5, 2023

X-Force Identifies Vulnerability in IoT Platform

4 min read - The last decade has seen an explosion of IoT devices across a multitude of industries. With that rise has come the need for centralized systems to perform data collection and device management, commonly called IoT Platforms. One such platform, ThingsBoard,…

Risk Management January 23, 2023

Log4j Forever Changed What (Some) Cyber Pros Think About OSS

4 min read - In late 2021, the Apache Software Foundation disclosed a vulnerability that set off a panic across the global tech industry. The bug, known as Log4Shell, was found in the ubiquitous open-source logging library Log4j, and it exposed a huge swath…

Government August 29, 2022

How Cybersecurity Policy Has Changed Since the SolarWinds Attack

3 min read - Major cyberattacks since 2019 jolted the U.S. government and software industry into action. The succeeding years have seen executive orders, new funding, two summits and a newfound resolve. Because of those attacks, the federal government aims to fix the open-source…

Incident Response January 7, 2022

5 Things New with Bug Bounty Programs

4 min read - On September 29, HackerOne announced the latest version of its Internet Bug Bounty (IBB) program. This initiative helped to coordinate the discovery of more than 1,000 security weaknesses in open-source software between 2013 and 2021. HackerOne’s latest version aims to…

Incident Response December 3, 2021

What the Internet Bug Bounty Teaches About Open-Source Software Security

4 min read - The security platform HackerOne recently announced the latest version of their Internet Bug Bounty (IBB) program. The IBB strives to enhance open-source software security by pooling resources and encouraging security experts (they call themselves hackers) to find flaws in open-source…

Intelligence & Analytics November 2, 2021

Using Open-Source Intelligence for Mergers and Acquisitions

3 min read - Mergers and acquisitions (M&A) have been challenging for IT and security teams for as long as businesses have relied on technology. Every company’s IT system is as unique as the company itself. Your business may run on commonly used tools…

Advanced Threats September 3, 2021

Fighting Cyber Threats With Open-Source Tools and Open Standards

7 min read - Detecting cyber threats is usually the first critical step in the mitigation of cyber attacks. Common means to achieve this goal are rules or analytics that track network and system behaviors and raise alerts when potentially malicious attacks are identified.…

Application Security May 25, 2021

Supply Chain Attacks: How To Reduce Open-Source Vulnerabilities

3 min read - When you read that software supply chain attacks increased 42% in the first quarter of 2021 over Q4 2020, you might think the cybersecurity problem was related to the traditional supply chain. Many people think of a supply chain as…

Risk Management July 24, 2020

Leveraging Open Source Can be Powerful for Cybersecurity

4 min read - Security vendors and end users have access to the same technology and resources, if not more, than the threat actor community. However, the area where cybersecurity falls short as an industry is teamwork. Vendors and end users rarely talk to…